From 681ba6fc3c296cd6cd11050531b8f4e785141786 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Tue, 16 Dec 2014 07:28:48 -0500 Subject: [PATCH] Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests --- .htaccess | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/.htaccess b/.htaccess index a9cc5c3..32c47f0 100644 --- a/.htaccess +++ b/.htaccess @@ -30,7 +30,7 @@ # security rules: # - deny access to files not containing a dot or starting with a dot # in all locations except installer directory -RewriteRule ^(?!installer)(\.?[^\.]+)$ - [F] +RewriteRule ^(?!installer|[a-f0-9]{16})(\.?[^\.]+)$ - [F] # - deny access to some locations RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|program\/(include|lib|localization|steps)) - [F] # - deny access to some documentation files -- Gitblit v1.9.1
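Review bot: the new `[a-f0-9]{16}` alternative in the negative lookahead is not terminated by a path separator, so any request whose first 16 characters are lowercase hex is exempted from the deny rule, not only the token-prefixed asset URLs the commit message describes; anchoring it as `^(?!installer|[a-f0-9]{16}/)(\.?[^\.]+)$ - [F]` limits the exemption to the token directory. The second rule in the unchanged context (`RewriteRule ^/?(\.git|\.tx|SQL|bin|config|logs|temp|tests|...) - [F]`) is anchored at the start of the path, so it would not match a token-prefixed request to those locations as written; either the later rewrite that strips the token must re-run these rules, or the anchor should allow an optional `(?:[a-f0-9]{16}/)?` prefix. The comment above the rule still reads "in all locations except installer directory" and should also mention the security-token directory, since the hunk is the only place in this commit where the token mechanism appears.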